What is hacking or hacked content?

Hacked content is any content placed on your site without your permission as a result of vulnerabilities in your site’s security. In order to protect our users and to maintain the integrity of our search results, Google tries its best to keep hacked content out of our search results. Hacked content gives poor search results to our users and can potentially install malicious content on their machines. We recommend that you keep your site secure, and clean up hacked content when you find it.

Some examples of hacking include:

Injected content
When hackers gain access to your website, they might try to inject malicious content into existing pages on your site. This often takes the form of malicious JavaScript injected directly into the site, or into iframes.

Added content
Sometimes, due to security flaws, hackers are able to add new pages to your site that contain spammy or malicious content. These pages are often meant to manipulate search engines. Your existing pages might not show signs of hacking, but these newly-created pages could harm your site’s visitors or your performance in search results.

Hidden content
Hackers might also try to subtly manipulate existing pages on your site. Their goal is to add content to your site that search engines can see but which may be harder for you and your users to spot. This can involve adding hidden links or hidden text to a page by using CSS or HTML, or it can involve more complex changes like cloaking.

Redirects
Hackers might inject malicious code to your website that redirects some users to harmful or spammy pages. The kind of redirect sometimes depends on referrer, user-agent, or device. For example, clicking a URL in Google search results could redirect you to a suspicious page, but there is no redirect when you visit the same URL directly from a browser.

Remember, the most effective way to combat hacking is to prevent it from happening in the first place. Here are our tips on both preventing hacked content and cleaning it up.